Protecting Windows Credentials: An Excessive Guide for Security Professionals

BSidesLV 2017

Presented by: Mark Burnett
Date: Wednesday July 26, 2017
Time: 14:00 - 14:55
Location: Ground1234!

Average users might never be safe from credential theft on Windows, but security professionals are in a position (and have the appropriate threat model) to protect themselves beyond clicking on a few UAC prompts. Through some extreme hardening measures, a few custom tools, and somewhat unconventional security practices, you will learn to turn a leaky default Windows installation into a highly secure computing environment.

This isn't a hardening tutorial; it is about understanding the Windows security model, how it handles different types of credentials, and how you can protect those credentials.

Mark Burnett

Mark Burnett is an infosec consultant and author. He has spent most of the last twenty years researching, consulting, writing, and sometimes just ranting about how to secure the software and operating systems we work with every day. Mark has written several books, published numerous magazine and online articles, and produced software developer training courses. Mark has a particular passion for passwords and wrote the book Perfect Passwords, which gives advice and tips on dealing with passwords in our daily lives.

